NAME

sxid.conf - configuration settings for sxid

DESCRIPTION

This is the configuration file used by sxid to define its parameters
for execution. By default it is /etc/sxid.conf, but a different file
can be given with the --config command line option for sxid. Options
in this file are in the form of OPTION = "VALUE". Note that the VALUE
must be contained in double quotes.

OPTIONS

ALWAYS_NOTIFY
If sxid does not find any changes it will not send an email
unless you specify "yes" here.
ALWAYS_ROTATE
Usually sxid will only rotate the log files when there is a
change from the last run. This is usually best, since all logs
will record a change rather than just a run of the program. If
you want to rotate the logs every time sxid is run, regardless
of changes, specify "yes" here.
EMAIL Where to send the email containing the output of changes every
time sxid is run. Example:
EMAIL = "Great Admin <root@host.com>"
ENFORCE
Normally sxid only flags items which are suid or sgid and are in
a FORBIDDEN directory. With this option set to "yes" sxid will
remove the s[ug]id bit(s) on any files or directories it finds
in forbidden directories and report any changes in the email.
Note that directories listed in FORBIDDEN are searched
regardless of whether or not they are listed in SEARCH.
However, EXCLUDE entries still apply to directories that fall
under them.
EXCLUDE
A space separated list of directories to exclude from the
search. Note that if a SEARCH path falls under an EXCLUDE path,
it will still be searched. This is useful for excluding a whole
directory tree while still searching one directory inside it.
Example:
SEARCH = "/usr /usr/src/linux"
EXCLUDE = "/usr/src"
EXTRA_LIST
File that contains a list (one per line) of other files that
sxid should monitor. This is useful for files that aren’t +s,
but relate to system integrity (tcpd, inetd, apache...).
Example:
EXTRA_LIST = "/etc/sxid.list"
FORBIDDEN
A space separated list of directories that are not supposed to
contain any suid or sgid items. Items which are suid or sgid in
these directories are flagged in the email separately from the
other listings whether there are other changes or not. Example:
FORBIDDEN = "/tmp/home"
IGNORE_DIRS
Ignore entries for directories in these paths. This means that
only files will be recorded. You can effectively ignore all
directory entries by setting this to "/".
KEEP_LOGS
This is a numerical value for how many log files to keep when
rotating.
LISTALL
Forces a list of all entries to be included in the output.
Implies ALWAYS_NOTIFY.
LOG_FILE
The full path of where to store the log files. These will be
rotated, each rotated log being suffixed with a digit. The
directories must already exist. This is usually
/var/log/sxid.log. Rotated logs would look like
/var/log/sxid.log.n where ’n’ is the number in the rotation. The
current log has no suffix.
Mail program. This changes the default compiled in mailer for
reports. You only need this if you have changed its location
and don’t want to recompile sxid.
SEARCH A space separated list of directories to search. Sxid will use
these as a starting point for its searches. Example:
SEARCH = "/usr/bin/lib"
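
EXAMPLE

The following is an added example, not part of sxid or its documentation: a small Python check that parses the OPTION = "VALUE" format and models how SEARCH, EXCLUDE and FORBIDDEN interact as described above, so a configuration can be reviewed for coverage gaps before it is deployed. The function names, the sample configuration, the skipping of '#' comment lines, the deepest-match reading of the rules and the tie rule are assumptions of this example.

```python
import re

# OPTION = "VALUE"; the value must be contained in double quotes.
LINE_RE = re.compile(r'^\s*([A-Z_]+)\s*=\s*"([^"]*)"\s*$')

def parse_conf(text):
    """Return {OPTION: VALUE}; raise ValueError on a malformed line."""
    conf = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # assumption: blank lines and '#' comments are skipped
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f'line {n}: expected OPTION = "VALUE": {line!r}')
        conf[m.group(1)] = m.group(2)
    return conf

def dirs(conf, key):
    """Split a space separated directory list, dropping trailing slashes."""
    return [d.rstrip("/") or "/" for d in conf.get(key, "").split()]

def under(path, root):
    """True if path is root itself or lies below it (whole components only)."""
    return root == "/" or path == root or path.startswith(root + "/")

def is_scanned(path, conf):
    """Assumed model: the deepest listed directory containing path decides."""
    roots = dirs(conf, "SEARCH") + dirs(conf, "FORBIDDEN")  # FORBIDDEN is always searched
    best, scanned = -1, False
    rules = [(e, False) for e in dirs(conf, "EXCLUDE")] + [(r, True) for r in roots]
    for d, keep in rules:
        # '>=' lets a search root win a tie with an identical EXCLUDE entry (assumption)
        if under(path, d) and len(d) >= best:
            best, scanned = len(d), keep
    return scanned

def is_forbidden(path, conf):
    """True if a suid/sgid item at path would be flagged as FORBIDDEN."""
    return is_scanned(path, conf) and any(under(path, d) for d in dirs(conf, "FORBIDDEN"))

# Constructed sample configuration, built from the examples in this page.
SAMPLE = '''\
SEARCH = "/usr /usr/src/linux"
EXCLUDE = "/usr/src /home/ftp"
FORBIDDEN = "/home"
'''
```

A path for which is_scanned() returns False is outside sxid's view under this model, so any directory that should never hold suid or sgid items and is not covered belongs in FORBIDDEN or SEARCH.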